Chair’s Message | Curriculum is Paramount

Dec. 4, 2020 

Dear Cybersecurity and Privacy community, 

You may have missed it in my message before Thanksgiving week, so it bears repeating: the whole point of a school at Georgia Tech is education. We are used to thinking about education in familiar terms: lectures, exams, grades, credits, degrees, semesters. And curriculum. I hope you noticed the emphasis on the word curriculum. It’s the one thing we professors like to hang our hats on when we talk about education.  

When pressed, most people would say that a curriculum is the prescribed sequence of courses leading to a defined academic goal (like a degree). The problem is that degrees — or grades or even courses for that matter — are not educational outcomes. A degree, for example, does not measure whether material has been mastered. Most of the time a degree doesn’t even ensure proficiency in basic skills. A simple listing of courses commoditizes learning. The same series of courses can lead to wildly different educational outcomes. A list of courses doesn’t define how subjects are learned or the units of achievement. It doesn’t define what is excluded or what subjects are implicit. Nor does it define how students experience learning. In other words, the one thing we professors like to hang our hats on doesn’t say much about how we plan to shape a student’s learning. 

The reason I am (painfully) telling you how little real meaning is packed into the word curriculum is that our school now has a Curriculum Committee, and, evidently, the first thing that the committee must do is articulate a vision for the SCP learning experience. That’s not a clerical task. I expect they will talk to a lot of people over the coming weeks or months. They will spark conversations. There will be strong opinions stated forcefully. I hope there will be arguments about what we stand for.    

Here’s an example: I believe that cybersecurity requires an active learning experience called project-based learning (PBL). Internships, for example, are one way to approach PBL. Some universities, like tiny Olin College of Engineering (@OlinCollege) have thrown out traditional lecture-based courses entirely in favor of projects where students must demonstrate skills mastery to make progress through the curriculum. There’s a mountain of data that points to the superiority of active learning, but it’s messy. Stanford Dean of Education Dan Schwartz calls it a “pile of goo.” 

I’ve asked our new curriculum committee to not be deterred by all this ambiguity. We don’t have to resolve issues right away. We do have to begin the conversations though. We will begin that process right after the winter holidays. It’s not often that educators get to start with a blank sheet of paper. I hope you will all find a way to make your voices heard. 

Final exams and the end of this nonstandard semester are upon us, but professional activities will continue. 

Next week, at the Annual Computer Security Applications Conference, a research team from Georgia Tech, led by CS Professor Wenke Lee and ECE Asst. Professor Brendan Saltaformaggio, will demonstrate via simulation the vulnerability of stock markets to being manipulated by a botnet of compromised brokerage accounts. In a paper co-authored by CS Professor Mustaque Ahamad, researchers explore whether it is possible to build a practical collaborative phone blacklisting system that makes use of mechanisms to provide privacy guarantees to participants who collaborate to detect spam callers. Also accepted in the technical program is “A Flexible Framework for Expediting Bug Finding by Leveraging Past (Mis-)Behavior to Discover New Bugs” co-authored by ECE Assoc. Professor Manos Antonakakis. Georgia Tech, as at CCS 2020, is a leader in the technical program.  

I encourage all GT faculty and researchers to please continue sharing with the school their efforts in cybersecurity and privacy. This will give us a broader perspective of the institute’s larger body of work. The school ultimately is a resource for Georgia Tech’s total cybersecurity and privacy efforts. We want to be able to make connections across campus no matter where you work or study.   

A cybersecurity milestone for the institute that we can all celebrate will take place one week from today. At the fall commencement ceremony on Dec. 11, students from the Online Master of Science in Cybersecurity degree program’s first official cohort will receive their degrees. We are excited to share more about these graduates next week and celebrate with them. 

Also, just for fun and to finish out your busy finals schedule, the school created an interactive chart from Cybersecurity Ventures’ list of ‘hacker’ movies. You might find some old friends or new films worth checking out.  

This is my final letter of the semester and today at 1 p.m. EDT is the last open office hour I’ll hold this semester. All are welcome and if any of our soon-to-be graduates want to come by it would be a treat to hear about what comes next for you.  

Please have a safe holiday season. I will be back with more news and other thoughts about our new school in January.  


Richard DeMillo
Charlotte B. and Roger C. Warren Chair of Computing
Chair, School of Cybersecurity and Privacy  

Visit me at
Follow me on Twitter @rad_atl and @richde